diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 66bb1f601d1..d15585666e7 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -405,7 +405,7 @@ def service_provider_mfa_policy
 service_provider: sp_from_sp_session,
 auth_methods_session:,
 aal_level_requested: sp_session[:aal_level_requested],
- piv_cac_requested: sp_session[:piv_cac_requested],
+ piv_cac_requested: resolved_authn_context_result.hspd12?,
 phishing_resistant_requested: resolved_authn_context_result.phishing_resistant?,
 )
 end
diff --git a/app/controllers/users/piv_cac_login_controller.rb b/app/controllers/users/piv_cac_login_controller.rb
index 7f627d58b9c..9e9b542ef16 100644
--- a/app/controllers/users/piv_cac_login_controller.rb
+++ b/app/controllers/users/piv_cac_login_controller.rb
@@ -58,7 +58,7 @@ def piv_cac_login_form
 @piv_cac_login_form ||= UserPivCacLoginForm.new(
 token: params[:token],
 nonce: piv_cac_nonce,
- piv_cac_required: sp_session[:piv_cac_requested],
+ piv_cac_required: resolved_authn_context_result.hspd12?,
 )
 end
diff --git a/app/services/vot/legacy_component_values.rb b/app/services/vot/legacy_component_values.rb
index 785c70a7bf3..d21b47ccc78 100644
--- a/app/services/vot/legacy_component_values.rb
+++ b/app/services/vot/legacy_component_values.rb
@@ -53,7 +53,7 @@ module LegacyComponentValues
 )
 AAL2_PHISHING_RESISTANT = ComponentValue.new(
 name: Saml::Idp::Constants::AAL2_PHISHING_RESISTANT_AUTHN_CONTEXT_CLASSREF,
- description: 'Legacy AAL2 with phishing resitance',
+ description: 'Legacy AAL2 with phishing resistance',
 implied_component_values: [],
 requirements: [:aal2, :phishing_resistant],
 )
diff --git a/spec/controllers/users/two_factor_authentication_controller_spec.rb b/spec/controllers/users/two_factor_authentication_controller_spec.rb
index 20129412a2f..4468862f24a 100644
--- a/spec/controllers/users/two_factor_authentication_controller_spec.rb
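Review bot: `aal_level_requested` on the line just above the change still reads `sp_session[:aal_level_requested]`, while `piv_cac_requested` and `phishing_resistant_requested` are now both derived from `resolved_authn_context_result`, so the MFA policy is assembled from two different views of the same SP request. If the resolved authn context also exposes the requested AAL (it already answers `hspd12?` and `phishing_resistant?`), that remaining session read should be moved over the same way, e.g. `aal_level_requested: resolved_authn_context_result.aal2?` with the accessor name confirmed against the class, which is not visible here. Otherwise a session whose `acr_values` and `aal_level_requested` disagree yields a contradictory policy. Any other readers or writers of `sp_session[:piv_cac_requested]` elsewhere in the app should be retired in the same change so the PIV/CAC requirement has a single source of truth. The call whose keyword arguments these are, and `def service_provider_mfa_policy` itself, open above the hunk.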
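Review bot: `resolved_authn_context_result.hspd12?` is now evaluated for every PIV/CAC login; where the old `sp_session[:piv_cac_requested]` simply read as nil outside an SP flow, the new line depends on `resolved_authn_context_result` returning a usable object rather than nil, and a NoMethodError here would break direct PIV/CAC sign-in if that route is reachable without an SP session. It should be confirmed that the helper yields an object whose `hspd12?` is false when there is no SP session or no `acr_values`, and a spec for `piv_cac_login_form` in the no-SP case would pin that. Because the form is memoized with `||=`, `piv_cac_required` is fixed at the first call in a request, which is fine as long as nothing in this controller changes the SP session between calls. The enclosing `def piv_cac_login_form` begins at the hunk header line, above the shown lines.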
+++ b/spec/controllers/users/two_factor_authentication_controller_spec.rb
@@ -259,9 +259,14 @@ def index
 end
 context 'when SP requires PIV/CAC' do
+ let(:service_provider) { create(:service_provider) }
+
 before do
 stub_sign_in(user)
- controller.session[:sp] = { phishing_resistant_requeste: true, piv_cac_requested: true }
+ controller.session[:sp] = {
+ issuer: service_provider.issuer,
+ acr_values: Saml::Idp::Constants::AAL2_HSPD12_AUTHN_CONTEXT_CLASSREF,
+ }
 end
 it 'redirects to MFA setup if no PIV/CAC is enabled' do
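Review bot: The new `before` block sets only the positive case (`AAL2_HSPD12_AUTHN_CONTEXT_CLASSREF`), so nothing asserts that PIV/CAC is not demanded when the SP requests a different context; a sibling context that sets `acr_values` to a non-HSPD12 value such as `Saml::Idp::Constants::AAL2_PHISHING_RESISTANT_AUTHN_CONTEXT_CLASSREF` and expects no PIV/CAC redirect would pin the new derivation in both directions. The removed line carried a misspelled key (`phishing_resistant_requeste:`) that was silently ignored, which is exactly the kind of drift the ACR-based resolution is meant to remove, so a negative case is cheap insurance. A short comment above the session assignment would also help the next reader, e.g. `# issuer must resolve to a real SP so the requested authn context can be evaluated`, if that is indeed why `create(:service_provider)` is now required.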